Gain a comprehensive overview of physical or virtual devices managed by a Cortex XDR agent and execute direct response actions.
Navigate to → → → to view your inventory of physical and virtual endpoints, such as PCs, laptops, servers, and mobile devices, that are protected by an installed Cortex XDR agent.
Note: The device assets inventory requires deployed Cortex XDR agents, which are included with Cortex XSIAM Enterprise and Premium licenses, or available as an add-on for Cortex XSIAM NG-SIEM.
The device inventory tracks vital operational and connectivity data for each asset. Analysts can view the endpoint status to see whether the agent is Connected, Disconnected, or Lost; the operational status to verify whether the endpoint is Protected, Partially Protected, or Unprotected; and the Agent Version, Operating System, and last logged-in User.
For deeper visibility, device assets support Host Insights. This feature collects extensive business and IT operational data from the endpoint, including installed applications, autoruns, mounted disks, local user groups, and running services. This allows analysts to quickly identify anomalies, such as a suspicious service or an unauthorized autorun added to a device.
Because these device assets are actively managed by the XDR agent, analysts can execute direct response actions on the asset during an investigation. Supported actions include:
Isolating the Endpoint: Halting all network access on the device (except for traffic to Cortex XSIAM) to prevent a compromised device from communicating with other internal or external networks.
Live Terminal: Initiating a remote connection to manage files, active processes, and run system commands.
Script Execution & File Retrieval: Running Python scripts directly on the device or retrieving specific files (up to 20 files or 500MB) for further forensic analysis.
To ensure the device inventory remains accurate and clutter-free, administrators can perform one-time or periodic cleanups of duplicated entities. If a device is removed, its data is retained for 90 days from the last connection timestamp, and the data will be seamlessly recovered if the device reconnects to Cortex XSIAM in the future.